MS08-067 - First Worm Exploiting unpatched systems in the Wild - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MS08-067 - First Worm Exploiting unpatched systems in the Wild

More evidence that the initial buggy and trojan horse based attacks are being refined by the bad guys into a true Internet based worm. If you haven't performed a Windows Update since October 23rd, it's important to do so immediately.

MS08-067 - First Worm Exploiting unpatched systems in the Wild
http://isc.sans.org/diary.html?storyid=5275
http://www.f-secure.com/weblog/archives/00001526.html
http://www.threatexpert.com/report.aspx?uid=919a973d-9fe1-4196-b202-731ebaaffa5d

QUOTE: Code building on the proof of concept binaries that were mentioned last week has moved into the wild. We've received the first reports of a worm capable of exploiting the MS08-067 vulnerability. The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi.

The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration. he worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg.

Posted: Nov 03 2008, 11:15 AM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.